Jeff King <peff@xxxxxxxx> writes: > On Thu, Jun 14, 2018 at 11:28:50PM -0400, Jeff King wrote: > >> Yep. We also fail to check if we even have enough bytes to read the >> buffer_size in the first place. >> >> Here are some patches. The first one fixes the problem you found. The >> second one drops some dead code that has a related problem. And the >> third just drops some dead code that I noticed in the same file. :) >> >> [1/3]: ewah_read_mmap: bounds-check mmap reads >> [2/3]: ewah: drop ewah_deserialize function >> [3/3]: ewah: drop ewah_serialize_native function > > Actually, we'd want this one on top. Arguably it could be squashed into > patch 1. > > -- >8 -- > Subject: ewah: adjust callers of ewah_read_mmap() > > The return value of ewah_read_mmap() is now an ssize_t, > since we could (in theory) process up to 32GB of data. This > would never happen in practice, but a corrupt or malicious > .bitmap or index file could convince us to do so. > > Let's make sure that we don't stuff the value into an int, > which would cause us to incorrectly move our pointer > forward. We'd always move too little, since negative values > are used for reporting errors. So the worst case is just > that we end up reporting a corrupt file, not an > out-of-bounds read. > > Signed-off-by: Jeff King <peff@xxxxxxxx> > --- Makes sense. > dir.c | 3 ++- > pack-bitmap.c | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/dir.c b/dir.c > index 61b513a078..d5185660f1 100644 > --- a/dir.c > +++ b/dir.c > @@ -2725,7 +2725,8 @@ struct untracked_cache *read_untracked_extension(const void *data, unsigned long > struct read_data rd; > const unsigned char *next = data, *end = (const unsigned char *)data + sz; > const char *ident; > - int ident_len, len; > + int ident_len; > + ssize_t len; > const char *exclude_per_dir; > > if (sz <= 1 || end[-1] != '\0') > diff --git a/pack-bitmap.c b/pack-bitmap.c > index 369bf69d75..2f27b10e35 100644 > --- a/pack-bitmap.c 
> +++ b/pack-bitmap.c > @@ -125,7 +125,7 @@ static struct ewah_bitmap *read_bitmap_1(struct bitmap_index *index) > { > struct ewah_bitmap *b = ewah_pool_new(); > > - int bitmap_size = ewah_read_mmap(b, > + ssize_t bitmap_size = ewah_read_mmap(b, > index->map + index->map_pos, > index->map_size - index->map_pos);
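Review bot: In the dir.c hunk (`read_untracked_extension`), only the declaration changes (`int ident_len, len;` becomes `int ident_len;` plus `ssize_t len;`); the assignment from ewah_read_mmap() and the `next += len` advance that the commit message describes are outside the shown context, so the review should confirm at that site that a negative return is tested before the pointer is advanced, otherwise widening the type alone does not give the "report corrupt file, not out-of-bounds read" behaviour the message claims. Splitting the two declarations is the right call since they now have different types; `ident_len` stays `int` and is unaffected by this change.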
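Review bot: In the pack-bitmap.c hunk (`read_bitmap_1`), the length passed to ewah_read_mmap() is the unsigned difference `index->map_size - index->map_pos`, and nothing in the visible context guarantees `map_pos <= map_size` at this point; if that invariant is not enforced by the caller, the difference wraps and the reader is handed an enormous length, which defeats the purpose of the new bounds check. Suggest either asserting that relationship here or noting in the commit message where it is maintained. The hunk ends at the call, so the `bitmap_size < 0` check and the `index->map_pos += bitmap_size` advance also need to be verified in the surrounding code rather than assumed from the type change alone.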